Проект «SnakeProject» Михаила КозловаРегистрация

Навигация
⇒FreeBSD and Nix⇒

⇐CISCO
⇐Voice(Asterisk\Cisco)
⇐Microsoft
⇐Powershell
⇐Python
⇐SQL\T-SQL
⇐1С
⇐Общая
⇐WEB Разработка
⇐ORACLE SQL \ JAVA

FreeBSD: milter-greylist + postfix + clamav + amavis + spamassasin


 

FreeBSD: milter-greylist + postfix + clamav + amavis + spamassasin

 

##### Серые списки - milter-greylist + postfix

Установите milter-greylist:
pkg install milter-greylist
или
cd /usr/ports/mail/milter-greylist && make install clean

 

Создайте файл конфигурации milter-greylist:
cd /usr/local/etc/mail
cp greylist.conf.sample greylist.conf

 

Включить milter-greylist в /etc/rc.conf:
echo 'miltergreylist_enable="YES"' >> /etc/rc.conf
echo 'miltergreylist_runas="postfix:postfix"' >> /etc/rc.conf


Настроим юелые и серые списки + правила:
greylist.conf:

user "postfix:postfix"

list "my network" addr { 127.0.0.1/8 }

list "trust network" addr { 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 }

list "grey users" rcpt { testuser@domain.local root@domain.local postmaster@domain.local }

dnsrbl "PBL" zen.spamhaus.org 127.0.0.10/31

racl whitelist list "my network"
racl whitelist list "broken mta"
racl whitelist list "trust network"
racl greylist dnsrbl "PBL" delay 30m autowhite 3d
racl greylist list "grey users" delay 30m autowhite 3d
racl whitelist default

 

/usr/local/etc/postfix/main.cf:
smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock, inet:localhost:50055

 

/usr/local/etc/rc.d/milter-greylist start
/usr/local/etc/rc.d/postfix restart


В /var/log/maillog после отправки локально письма будет что-то типа:
skipping greylist because address 10.0.2.2 is whitelisted,
(from=<testuser@domain.local>, rcpt=<testuser@domain.local>, addr=[10.0.2.2][10.0.2.2]) ACL 13

 


##### АНтивирус clamav + amavis + spamassasin

 

### clamav

cd /usr/ports/security/clamav && make install clean
Указываем опции:
[x] ARC           Enable arch archives support            
[x] ARJ           Enable arj archives support             
[x] DMG_XAR       Enable DMG and XAR archives support     
[x] DOCS          Build and/or install documentation      
[ ] EXPERIMENTAL  Build experimental code                 
[x] ICONV         Encoding conversion support via iconv   
[ ] IPV6          IPv6 protocol support                   
[x] JSON          JSON file/format/parser support         
[ ] LDAP          LDAP protocol support                   
[x] LHA           Enable lha archives support             
[x] MILTER        Compile the milter interface            
[x] PCRE          Use Perl Compatible Regular Expressions
[ ] STDERR        Print logs to stderr instead of stdout  
[ ] TESTS         Run compile-time tests (req. python)    
[x] UNRAR         RAR decompression support               
[x] UNZOO         Enable zoo archives support       


vi /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime yes
LogClean yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
ScanMail yes


echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
freshclam
/usr/local/etc/rc.d/clamav-clamd start

 


### amavis + spamassasin
### получая письмо от postfix, передает его части на проверку clamav и spamassasin
### spamassasin подтянется с установкой amavis

cd /usr/ports/security/amavisd-new && make install clean
[ ] ALTERMIME     Use AlterMime for defanging/disclaimers  
[x] ARC           ARC support with archivers/arc           
[x] ARJ           ARJ support with archivers/arj           
[x] BDB           Use BerkeleyDB for nanny/cache/snmp      
[x] CAB           CAB support with archivers/cabextract    
[x] DOCS          Build and/or install documentation       
[x] FILE          Use newer file(1) utility from ports     
[ ] FREEZE        FREEZE support with archivers/freeze     
[x] IPV6          IPv6 protocol support                    
[ ] LDAP          Use LDAP for lookups                     
[x] LHA           LHA support with archivers/lha           
[x] LZOP          LZOP support with archivers/lzop         
[x] MSWORD        Ms Word support with textproc/ripole     
[ ] MYSQL         Use MySQL for lookups/logging/quarantine
[ ] NOMARCH       ARC support with archivers/nomarch       
[ ] P0F           Passive operating system fingerprinting  
[x] P7ZIP         P7ZIP support with archivers/p7zip       
[ ] PGSQL         Use PgSQL for lookups/logging/quarantine
[ ] RAR           RAR support with archivers/rar           
[x] RPM           RPM support with archivers/rpm2cpio      
[x] SASL          Use SASL authentication                  
[ ] SNMP          Install amavisd snmp subagent            
[x] SPAMASSASSIN  Use mail/spamassassin                    
[ ] SQLITE        Use SQLite for lookups                   
[ ] TNEF          Add external tnef decoder converters/tnef
[x] UNARJ         ARJ support with archivers/unarj         
[x] UNRAR         RAR support with archivers/unrar         
[x] UNZOO         ZOO support with archivers/unzoo         
[x] ZOO           ZOO support with archivers/zoo       

Ошибка:
amavisd-new-2.11.0_2,1 archivers/rar is a 32-bit binary port and is not
compatible with amd64.
Лечится:
RAR=off: RAR support with archivers/rar


Добавляем в автозагрузку:
echo 'amavisd_enable="YES"' >> /etc/rc.conf
echo 'spamd_enable="YES"' >> /etc/rc.conf
echo 'spamd_flags="-u vscan"' >> /etc/rc.conf


/usr/local/etc/postfix/main.cf:
content_filter = smtp-amavis:[127.0.0.1]:10024


/usr/local/etc/postfix/master.cf:

 


/usr/local/etc/amavisd.conf:


cd /usr/local/etc/mail/spamassassin && cp local.cf.sample local.cf

spamassassin 2>&1 -D --lint
sa-compile -D --list


# Если будет ошибка с sa-update
sa-update


# Ошибка
# run_av (ClamAV-clamd) FAILED - unexpected ,
# output="/var/amavis/tmp/amavis-20180913T161124-30389-FfbYEejA/parts
# : lstat() failed: Permission denied
pw usermod clamav -G vscan


/usr/local/etc/rc.d/clamav-clamd start
/usr/local/etc/rc.d/amavisd restart
/usr/local/etc/rc.d/postfix restart

 

 
 

Комментарии пользователей

Эту новость ещё не комментировалиНаписать комментарий
Анонимам нельзя оставоять комментарии, зарегистрируйтесь!

© Snakeproject.ru создан в 2013 году. При копировании материала с сайта - оставьте ссылку.


Яндекс.Метрика

Goon Каталог сайтов Рейтинг@Mail.ru